[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuOP1ZOwyhiqb72jXrrIqFwst6HhCinARE2rNLt9xGxw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":57,"fingerprints":156},"spamassassin-preferences","SpamAssassin Preferences","1.0","Greg Ross","https:\u002F\u002Fprofiles.wordpress.org\u002Fgregross\u002F","\u003Cp>Set your SpamAssassin preferences from your WordPress user profile.\u003C\u002Fp>\n\u003Cp>This code is released under the GPL v2, see license.txt for details.\u003C\u002Fp>\n","Set your SpamAssassin preferences from your WordPress user profile.",10,1555,0,"2023-12-03T02:55:00.000Z","6.4.8","3.5.0","",[19],"spamassassin","http:\u002F\u002Ftoolstack.com\u002Fsa-prefs","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspamassassin-preferences.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"gregross",34,7510,88,39,80,"2026-04-04T15:35:45.801Z",[35],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":43,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":17,"tags":49,"homepage":54,"download_link":55,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24},"add-plain-text-email","Add Plain-Text Email","1.2.1","Danny van Kooten","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvankooten\u002F","\u003Ch4>Add Plain-Text Email\u003C\u002Fh4>\n\u003Cp>This plugin will add a \u003Ccode>plain\u002Ftext\u003C\u002Fcode> version of your HTML emails to your WordPress emails. This decreases the chance of your legit emails being marked as spam by tools as SpamAssassin.\u003C\u002Fp>\n\u003Cp>This plugin comes without any settings. When activated, it will automatically look for HTML emails being sent using the \u003Ccode>wp_mail()\u003C\u002Fcode> function and when necessary add the plain text version.\u003C\u002Fp>\n\u003Cp>If you have more question about the why’s of this plugin, take a look at the FAQ.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>More information\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>More \u003Ca href=\"https:\u002F\u002Fdannyvankooten.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">WordPress plugins\u003C\u002Fa> by Danny van Kooten.\u003C\u002Fli>\n\u003Cli>Source code of this plugin on SourceHut: \u003Ca href=\"https:\u002F\u002Fgit.sr.ht\u002F~dvko\u002Fwp-add-plaintext-email\" rel=\"nofollow ugc\">~dvko\u002Fwp-add-plaintext-email\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a text\u002Fplain email to text\u002Fhtml emails to decrease the chance of emails being tagged as spam.",100,5867,4,"2025-01-06T12:58:00.000Z","6.7.5","3.1",[50,51,52,19,53],"email","html-email","spam","text-email","http:\u002F\u002Fwww.dannyvankooten.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-plain-text-email.1.2.1.zip",92,{"attackSurface":58,"codeSignals":85,"taintFlows":146,"riskAssessment":147,"analyzedAt":155},{"hooks":59,"ajaxHandlers":81,"restRoutes":82,"shortcodes":83,"cronEvents":84,"entryPointCount":13,"unprotectedCount":13},[60,67,71,74,78],{"type":61,"name":62,"callback":63,"priority":64,"file":65,"line":66},"action","admin_menu","SAPrefsAddSettingsMenu",1,"spamassassin-preferences.php",178,{"type":61,"name":68,"callback":69,"file":65,"line":70},"show_user_profile","SAPrefsLoadProfile",181,{"type":61,"name":72,"callback":69,"file":65,"line":73},"edit_user_profile",182,{"type":61,"name":75,"callback":76,"file":65,"line":77},"personal_options_update","SAPrefsSaveProfile",183,{"type":61,"name":79,"callback":76,"file":65,"line":80},"edit_user_profile_update",184,[],[],[],[],{"dangerousFunctions":86,"sqlUsage":87,"outputEscaping":96,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":88,"bundledLibraries":145},[],{"prepared":13,"raw":88,"locations":89},2,[90,94],{"file":91,"line":92,"context":93},"spamassassin-preferences-options.php",126,"$wpdb->get_results() with variable interpolation",{"file":91,"line":95,"context":93},135,{"escaped":13,"rawEcho":97,"locations":98},22,[99,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143],{"file":100,"line":101,"context":102},"spamassassin-preferences-admin-options.php",35,"raw output",{"file":100,"line":104,"context":102},42,{"file":100,"line":106,"context":102},47,{"file":100,"line":108,"context":102},49,{"file":100,"line":110,"context":102},62,{"file":91,"line":112,"context":102},205,{"file":91,"line":114,"context":102},210,{"file":91,"line":116,"context":102},217,{"file":91,"line":118,"context":102},225,{"file":91,"line":120,"context":102},227,{"file":91,"line":122,"context":102},232,{"file":91,"line":124,"context":102},243,{"file":91,"line":126,"context":102},250,{"file":91,"line":128,"context":102},257,{"file":91,"line":130,"context":102},264,{"file":91,"line":132,"context":102},270,{"file":91,"line":134,"context":102},279,{"file":91,"line":136,"context":102},286,{"file":91,"line":138,"context":102},292,{"file":91,"line":140,"context":102},301,{"file":91,"line":142,"context":102},308,{"file":91,"line":144,"context":102},314,[],[],{"summary":148,"deductions":149},"The \"spamassassin-preferences\" v1.0 plugin exhibits a strong security posture in terms of its attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events that could be exploited. The absence of dangerous functions and file operations further contributes to a positive security outlook.  However, the code analysis reveals significant concerns regarding data handling.  Two SQL queries are present, and alarmingly, none utilize prepared statements, indicating a high risk of SQL injection vulnerabilities. Furthermore, the plugin fails to properly escape any of its 22 output instances, leaving it susceptible to cross-site scripting (XSS) attacks. The vulnerability history is clean, showing no known CVEs, which is a positive sign.  This suggests that while the code may have potential weaknesses, they have not yet been publicly exploited or discovered.  In conclusion, the plugin's minimal attack surface and clean vulnerability history are strengths. Nevertheless, the unescaped output and raw SQL queries present critical, exploitable risks that need immediate attention.",[150,152],{"reason":151,"points":11},"Raw SQL queries without prepared statements",{"reason":153,"points":154},"Output not properly escaped",8,"2026-03-17T00:05:31.925Z",{"wat":157,"direct":163},{"assetPaths":158,"generatorPatterns":159,"scriptPaths":160,"versionParams":161},[],[],[],[91,162,100],"just-writing-user-setup.php",{"cssClasses":164,"htmlComments":165,"htmlAttributes":186,"restEndpoints":187,"jsGlobals":188,"shortcodeOutput":189},[],[166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185],"This function is called when a user edits their profile and creates the Just Writing section.","the user who's profile we're viewing","This function is called when a user edits their profile and saves the Just Writing preferences.","the user who's settings we're saving","This function is called to add the new buttons to the distraction free writing mode.","It's registered at the end of the file with an add_action() call.","Get the user option to see if we're enabled.","If the enabled check returned a blank string it's because this is the first run and no config","has been written yet, so let's do that now.","If we're enabled, setup as required.","Get the options to pass to the javascript code","By default, assume we're not autoloading DFWM.","Check to see if we're supposed to autoload DFWM if we're creating a new post.","Check to see if we're supposed to autoload DFWM if we're editing a post.","Finally, check to see if we were passed an autoload variable on the URL, which happens if the user has","clicked DFWM in the post\u002Fpages list.","This function generates the Just Writing settings page and handles the actions assocaited with it.","This function adds the admin page to the settings menu.","Add the admin page to the settings menu.","Handle the user profile items",[],[],[],[]]